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REMARKS 

The Examiner is thanked for the thorough examination of the present application. The 
Office Action, however, has continued to reject all pending claims under 35 U.S.C. § 1 02(e) as 
allegedly anticipated by U.S. patent no. 6,1 82,1 42 to Win et al. (hereafter Win). For at least the 
reasons set forth below, Applicant continues to disagree and requests reconsideration and 
withdrawal of the rejections. 

In short, the Office Action has not traversed the substantive distinctions that Applicant set 
forth in its previous response. Instead, the Office Action refuses to accept those distinctions on 
the basis that they are not expressly embodied in the claims. For reasons that will be further set 
forth herein, Applicant disagrees with the Office Action's refusal to accept Applicant's previous 
arguments. Therefore, Applicant continues to disagree with the rejections for all the reasons 
previously set forth, and Applicant incorporates those prior arguments herein by reference (and 
preserves these arguments for appeal). In addition, Applicant sets for the following additional 
arguments. 

For purposes of clarification, in Applicant's previous response, Applicant provided a 
high-level description of a fundamental distinction between the claimed embodiments and the 
cited Win reference. This high-level description was merely intended to aid the Examiner's 
understanding of Applicant's argument. Instead, it appears that the Examiner has read that 
illustrative distinction as being an argument for a narrower interpretation of the claims. It was 
not. Therefore, with this illustration already present in the record, in this response Applicant will 
focus exclusively on the claim language. 
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Discussion of Claims 1-11 

The Office Action continued rejected claims 1-11 under 35 U.S.C. § 102(e) as allegedly 
anticipated by Win. For at least the reasons set forth below, Applicant disagrees and requests 
reconsideration of the rejections. 

Claim 1 recites: 

1 . A method implemented at a Web server for controlling the 
resumption of access to a World Wide Web page to be supplied by the Web 
server and requiring at least one prerequisite, the method comprising: 

receiving and evaluating a current HTTP request from a Web client to 
determine whether a previously unsatisfied prerequisite has been satisfied; 

retrieving from a stored location information related to re-requesting a 
target HTTP request previously interrupted by the prerequisite, if the 
receiving and evaluating step determines that a previously unsatisfied 
prerequisite has been satisfied; 

forming an HTTP response, which response includes contents for re- 
requesting from the Web client the target HTTP request; and 

transmitting the response to the Web client that transmitted the current 
HTTP request. 

(Emphasis added.) Applicant respectfully submits that claim 1 patently defines over Win for at 
least the reason that Win fails to disclose the features emphasized (bold and italics) above. 

With regard to the 'Yetrieving ..." element, the Office Action has relied upon col. 2, lines 
41-65 and col. 3, lines 34-36 of Win as allegedly disclosing this feature. It does not. In fact, the 
cited portions of Win actually state: 

One feature of this aspect is the steps of defining a role of the user; and 
storing an association of the user to the role at the second server. A related 
feature is the steps of defining one or more roles and functional groups of an 
organization to which the user belongs; storing information describing the roles 
and functional groups in association with information describing the user; and 
determining whether the user may access the resource based on the information 
describing the roles and functional groups. 

According to another feature, the identifying step further comprises the 
steps of connecting the first server to the second server, in which the second 
server stores information describing the user, one or more roles, one or more 
functional groups, the resources, and associations among them; and 
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communicating a request for a profile of the user from the first server to the 
second server. In another feature, the receiving step further comprises the steps 
of receiving the information describing the user at a runtime module on the first 
server that also intercepts requests to access the resource. In yet another feature, 
the step of identifying further comprises the step of determining whether the 
user is authentic. A related feature is that the step of identifying further 
comprises the steps of communicating encrypted information between the first 
server and the second server describing resources that the user is authorized to 
use. 

. . . determining, based on the one or more tokens, whether the client is 
authorized to use the one of the resources . . . 

As can be readily verified from even a cursory review of the above-quoted portions of Win, the 
relevant features of claim 1 are not disclosed anywhere therein. 

More particularly, the cited portion of Win (and surrounding text) describes a process 
whereby a user can log into a system through a client, and thereafter be permitted access to 
certain otherwise restricted information. Lines 41-49 of Win form a paragraph describing how 
that system stores role and functional group information for the user and defines to which pages 
those roles and groups allow access. The remaining lines (lines 50-65) form a second paragraph 
describing how that system stores user, role, and functional group information, communicates 
that information between the various server components of the system, and uses that information 
as a basis for authenticating user requests. 

In contrast, claim 1 recites "retrieving from a stored location information related to re- 
requesting a target HTTP request previously interrupted by the prerequisite". There is no 
teaching in the cited portion of Win of the retrieving of "information related to re-requesting a 
target HTTP request previously interrupted by the prerequisite" For at least this reason, the 
rejection of claim 1 is misplaced and should be withdrawn. 
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Significantly, there is nothing disclosed in the cited portions of WIN about retrieving 
previously saved information related to re-requesting a previously interrupted target page, as 
defined in claim 1. For at least this reason the rejection of claim 1 is misplaced and should be 
withdrawn. 

As a separate and independent basis for the patentability of claim 1 , the Office Action 

relied upon col. 8, lines 40-55 as allegedly teaching the "forming . . element. Applicant 

respectfully disagrees. The "forming ..." element of claim 1 specifically defines 'forming an 

HTTP response, which response includes contents for re-requesting from the Web client the 

target HTTP request" In contrast, the cited portion of Win states: 

...If the conditions are not satisfied, then the user cannot be authenticated, and 
as shown in state 314, Runtime Module 206 returns a redirection to the Login 
URL. As shown by state 316, HTTP Server 202 returns the redirection to the 
Login URL to the browser 1 00. 

FIG. 3C is a state diagram showing processes carried out when the URL is a 
protected resource and the user is authenticated. After the user has been 
authenticated in state 312, Runtime Module 206 calls the Authorization 
Verification Service to check that the user has the right to access the protected 
resource. All authenticated users have the right to access "public" resources. In 
state 3 1 8, the Runtime Module 206 tests whether the resource is a public 
resource. If so, then Runtime Module 206 returns a direction to one or more 
resource pages, and HTTP Server 202 returns the redirection to browser 100, as 
shown by state 308. 

As can be readily verified from even a cursory reading of the cited portion of Win, this teaching 
of Win merely teaches the redirection of a user to a login page, when the user is not logged-in 
(lines 40-44) and letting the user proceed on to the page he is trying to access when he is already 
logged-in and the page is public (lines 45-55). Significantly, however, this portion of Win does 
not teach the formation of an HTTP response, "which response includes contents for re- 
requesting from the Web client the target HTTP request,'" as expressly recited in claim 1 . In 
this regard, this portion of the Win patent is describing the situation where a user is trying to 
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access the page in the first place and the pre-requisites (login and authorization) are already 
satisfied. In contrast, the relevant element of claim 1 is concerned with the situation where such 
initial access fails so that, after the pre-requisite does eventually become satisfied, the user's 
original request is automatically resumed. That automatic resumption of a interrupted original 
request (what the claim refers to as the "target") is what claim 1 defines (and not the fulfillment 
of a request that already satisfies all the pre-requisites so never needs to be interrupted in the first 
place). For at least this separate and independent reason, the rejection of claim 1 is misplaced 
and should be withdrawn. 

The undersigned understands that the Office Action has essentially ignored express 
language of claim 1 based on Applicant's previous argument, which provided an illustration that 
utilized term that were not embodied in the claim. That is, the Office Action appears to have 
refused to fully consider previous arguments because the argument contained terms that were not 
included in the claim, and the present Office Action states that the claim is being given its 
broadest possible construction. The undersigned submits, however, that even giving claim 1 its 
broadest reasonable construction, claim terms cannot be ignored. 

As set forth in the discussion above, certain claim terms clearly define over the teachings 
of Win. These claim terms include "retrieving ... information related to re-requesting a target 
HTTP request previously interrupted by the prerequisite, if the receiving and evaluating step 
determines that a previously unsatisfied prerequisite has been satisfied" and "forming an 
HTTP response, which response includes contents for re-requesting from the Web client the 
target HTTP request" Simply stated no such comparable or even analogous feature exists in 
Win, and for at least this reason the rejection of claim 1 should be withdraws. 
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Claims 2-1 1 each depend from claim 1 and patently define over Win for at least the same 
reasons as claim 1. In addition, these claims define additional features that are not disclosed or 
suggested in Win. For example, claim 1 0 defines: "... wherein the HTTP response formed 
includes content to cause the Web client to automatically re-request the target HTTP request." 
Likewise, claim 1 1 defines: "...wherein the HTTP response formed includes content to inform 
and allow the user of the Web client to optionally re-request the target HTTP request." 

With regard to claim 10, the Office Action again relied upon col. 8, lines 40-55 (quoted 
above) for allegedly disclosing the "forming* . element of claim 1 . However, there is absolutely 
no teaching in this portion of Win that discloses the forming of an HTTP response to include 
"content to cause the Web client to automatically re-request the target HTTP request," as 
specifically recited by claim 1 0. For at least this additional reason, the rejection of claim 1 0 is 
misplaced and should be withdrawn. 

With regard to claim 1 1 , the Office Action relied upon col. 6, lines 6-24 and 48-61 as 
allegedly teaching the claimed subject matter. Applicant respectfully disagrees. These portions 
of Win actually state: 

The system 2 also enables Users to log-in to the system once, and 
thereafter access one or more Resources during an authenticated session. Users 
may log in either with a digital certificate or by opening a login page URL with a 
web browser and entering a name and password. In the past, users have had to log 
in individually to each Web application that they are authorized to use. In the 
preferred embodiment, users always access the same login page regardless of the 
number of resources to which they need access. Thus, the system provides a 
mechanism of single secure log-in to Web resources. 

If the login attempt is successful, the system 2 presents the User with a 
Personalized Menu that assists the User in identifying and selecting a Resource. In 
one embodiment, a Personalized Menu is an HTML page containing a list of 
authorized Resources. The Personalized Menu displays only Resources to which 
the "User has access. The User can then select and access a Resource. 
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Access Server 106 stores a log-in page, Authentication Client Module and 
Access Menu Module. The Authentication Client Module authenticates a user by 
verifying the name and password with the Registry Server 108. If the name and 
password are correct, the Authentication Client Module reads the user's roles ftorn 
the Registry Server 108. It then encrypts and sends this information in a "cookie" 
to the user's browser. A "cookie" is a packet of data sent by web servers to web 
browsers. Each cookie is saved by browser 100 until the cookie expires. Cookies 
received from a web server in a specific domain are returned to web servers in that 
same domain during open URL requests. A cookie returned by the Authentication 
Client Module is required for access to resources protected by the system 2. 

As can be readily verified from the above-quoted portion of Win, there is no teaching or 

disclosure of the claimed forming of an HTTP response to include "content to inform and allow 

the user of the Web client to optionally re-request the target HTTP request." In particular, a 

Personalized Menu listing available Resource options is not the same thing as a page inviting the 

user specifically to repeat his original request (right down to even the original request form 

parameters) and providing an option to do that, as claimed in the present application. For at least 

this separate and independent reason, the rejection of claim 1 1 should be withdrawn. 



Discussion of claims 12-21 

The Office Action, however, rejected claims 12-21 under 35 U.S.C. § 102(e) as allegedly 
anticipated by Win. For at least the reasons set forth below, Applicant disagrees and requests 
reconsideration of the rejections. 

Claim 12 recites: 

12. A method implemented at a Web server for controlling the 
interruption of access to a World Wide Web page to be supplied by the Web 
server and requiring at least one prerequisite, the method comprising: 

receiving and evaluating a current HTTP request from a Web client to 
determine whether an unsatisfied prerequisite exists; 

saving to a stored location information related to re-requesting the 
current HTTP request, if the receiving and evaluating step determines that an 
unsatisfied prerequisite exists; 
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forming an HTTP response, which response omits desired contents 
from a location specified by the current HTTP request, and 

transmitting the response to the Web client that transmitted the current 
HTTP request. 



(Emphasis added.) Applicant respectfully submits that claim 12 patently defines over Win for at 
least the reason that Win fails to disclose the features emphasized (bold and italics) above. 

Applicant submits that additional distinctions define claim 12 over Win. For example, 
the Office Action has relied upon col. 24, lines 41-55 and col. 8, lines 14-31 , col. 8, line 56 - col. 
9, line 6, and coL 3, lines 34-36 as allegedly teaching the "saving . . element. The Office Action 
also relies on col. 8, lines 56 - col. 9, line 6 as teaching the "forming ..." element. Applicant 
respectfully disagrees. First, Applicant fails to understand why the same teaching col. 8, line 56 
— col. 9, line 6 has been cited for teaching two different claim element. 

Turning first to teachings of Win relied of by the Office Action for allegedly teaching the 
"saving ..." element of claim 12, these cited portions of Win actually state: 

Preferably, system 2 generates a runtime log file and a registry log file that 
report changes in the configuration of elements of the system, and errors. 

The runtime log file is generated by Runtime Module 206 and reports 
possible errors that occur during initialization of the Runtime Module. The 
runtime log file also reports possible misuse of cookies, for example, a user 
attempting to use a cookie file copied or stolen from another user or machine. 

The registry log file reports startup parameters of the Authentication 
Server module 606. The startup parameters include default time zone, whether 
SSL protocol is enabled, number of threads, etc. The registry log file also reports 
information about whether the Registry Server 108 started correctly. 

(Col. 24, lines 41-55). 

FIG. 3A is a state diagram showing certain actions carried out by Protected 
Server 104. As shown by state 302, a browser 100 issues an HTTP request, such 
as "Open the Resource designated by this URL," and provides a URL as a 
parameter. For every HTTP request that is received, HTTP Server 202 sets a Web 
server environment variable "REMOTE ADDR" equal to the Internet Protocol 
(IP) address of the requesting client or server. As shown by state 304, the HTTP 
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Server 202 then calls the Runtime Module 206, which runs in the same process 
space as the HTTP Server, and passes it the browser's request Runtime Module 
206 determines whether the requested URL is a protected resource. If the 
requested URL is not a protected resource, then as shown by state 306, the 
Runtime Module takes no further action and passes control back to HTTP Server 
202. As shown by state 308, the in response the HTTP Server 202 provides one or 
more Web pages containing the requested resource to the browser 100. 

(Col. 8, lines 14-31). 

If the resource is not a public resource, then a user is allowed access only 
if the user is authorized, as shown by state 320. In the preferred embodiment, state 
320 involves testing whether the request from browser 100 contains a "roles 
cookie" that can be decrypted, and the user has one or more roles, in a 
combination defined by an Access Rule. Each Access Rule is a Boolean 
expression of one or more roles. In an alternate embodiment, state 320 involves 
testing whether the user has at least one role needed to access the resource. If 
these conditions are satisfied, then the user is deemed authorized. If these 
conditions are not satisfied* the user does not have authorization and the Runtime 
Module returns a redirection to a pre-defined URL, as shown by state 322. 
Preferably, the pre-defined URL identifies a Web page that displays the message 
"Access Restricted/ or an equivalent warning that informs the user that it cannot 
access the requested resource. 

(Col. 8, line 56 - CoL 9, line 6). 

Significantly, however, there is nothing disclosed about saving information related to re- 
requesting the current HTTP request to a stored location. 
MORE HERE 

With regard to the ''forming ..." element, the portion of Win relied on by the Office 
Action states: 

If the resource is not a public resource, then a user is allowed access only 
if the user is authorized, as shown by state 320. In the preferred embodiment, state 
320 involves testing whether the request from browser 1 00 contains a "roles 
cookie" that can be decrypted, and the user has one or more roles, in a 
combination defined by an Access Rule. Each Access Rule is a Boolean 
expression of one or more roles. In an alternate embodiment, state 320 involves 
testing whether the user has at least one role needed to access the resource. If 
these conditions are satisfied, then the user is deemed authorized. If these 
conditions are not satisfied, the user does not have authorization and the Runtime 
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Module returns a redirection to a pre-defined URL, as shown by state 322. 
Preferably, the pre-defined URL identifies a Web page that displays the message 
"Access Restricted," or an equivalent warning that informs the user that it cannot 
access the requested resource. 

(Col. 8, line 56 - Col. 9, line 6). 

MORE HERE 

forming an HTTP response, which response omits desired contents from a 



Claims 13-21 each depend from claim 12 and the rejections to these claims should be 
withdrawn for at least the same reasons. 



Claims 22-27 

The Office Action, however, rejected claims 22-27 under 35 U.S.C. § 102(e) as allegedly 
anticipated by Win. For at least the reasons set forth below, Applicant disagrees and requests 
reconsideration of the rejections. 

Claim 22 recites: 

22. A Web server for controlling the resumption of access to a World 
Wide Web page to be supplied by the Web server and requiring at least one 
prerequisite, the Web server comprising: 

a first mechanism configured to evaluate a current HTTP request from a 
Web client to determine whether a previously unsatisfied prerequisite has been 
satisfied; 

a second mechanism configured to retrieve from a stored location 
information related to re-requesting a target HTTP request previously 
interrupted by the prerequisite, in response to the first mechanism 
determining that a previously unsatisfied prerequisite has been satisfied; 

a third mechanism configured to form an HTTP response, which 
response includes contents for re-requesting from the Web client the target 
HTTP request; and 

a fourth mechanism configured to transmit the response to the Web 
client that transmitted the current HTTP request. 
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{Emphasis added). Applicant respectfully submits that claim 22 patently defines over Win for at 
least the reason that Win fails to disclose the features emphasized (bold and italics) above. 

Claim 22 is an apparatus claim defining elements that loosely correspond to the elements 
of method claim 1 . Indeed, the rationale for the rejection of claim 22 closely parallels the 
rationale for the rejection of claim 1 . Accordingly, Applicant respectfully submits that the 
rejection of independent claim 22 (and dependent claims 23-27) should be withdrawn for at least 
the same reason as the rejection of claim 1 . 



Claims 28-29 

The Office Action, however, rejected claims 28-29 under 35 U.S.C. § 102(e) as allegedly 
anticipated by Win. For at least the reasons set forth below, Applicant disagrees and requests 
reconsideration of the rejections. 

Claim 28 recites: 

28, A Web server for controlling the interruption of access to a World 
Wide Web page to be supplied by the Web server and requiring at least one 
prerequisite, the Web server comprising: 

a first mechanism configured to evaluate a current HTTP request from a 
Web client to determine whether an unsatisfied prerequisite exists; 

a second mechanism configured to save to a stored location 
information related to re-requesting the current HTTP request, in response to 
the first mechanism determining that an unsatisfied prerequisite exists; 

a third mechanism configured to form an HTTP response, which 
response omits desired contents from a location specified by the current HTTP 
request; and 

a fourth mechanism configured to transmit the response to the Web 
client that transmitted the current HTTP request. 

(Emphasis added). Applicant respectfully submits that claim 28 patently defines over Win for at 

least the reason that Win fails to disclose the features emphasized (bold and italics) above. 
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Claim 28 is an apparatus claim defining elements that loosely correspond to the elements 
of method claim 12. Indeed, the rationale for the rejection of claim 28 closely parallels the 
rationale for the rejection of claim 12. Accordingly, Applicant respectfully submits that the 
rejection of independent claim 28 (and dependent claim 29) should be withdrawn for at least the 
same reason as the rejection of claim 1 2. 

In view of the foregoing, it is believed that all pending claims are in proper condition for 
allowance. If the Examiner believes that a telephone conference would expedite the examination 
of the above-identified patent application, the Examiner is invited to call the undersigned. 

No fee is believed to be due in connection with this Amendment and Response to Office 
Action. If, however, any fee is deemed to be payable, you are hereby authorized to charge any 
such fee to Hewlett-Packard Company's Deposit Account No. 08-2025. 



Please continue to send all future correspondence to: 

Hewlett-Packard Development Company, L.P. 
Intellectual Property Administration 
P.O. Box 272400 

Fort Collins, Colorado 80527-2400 



Respectfully submitted, 




Daniel R. McChire 
Registration No. 38,962 
(770) 933-9500 
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